EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen

GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions? More questions?
DMs are open on and